This page describes how to integrate Seam's Identity component (a.k.a. Seam Security) with a CAS server. The approach below is based on the Yale CAS Client distribution: its servlet filters perform the CAS login/logout and establish the container principal, and a small SESSION-scoped Seam component then turns that principal into a Seam Identity login (username plus roles). Seam never receives a password from the user in this setup; it trusts the principal that the CAS filter has already authenticated, so the filter configuration is what actually protects the application.

1.  web.xml
Configure your web.xml as directed in the Yale CAS Client distribution docs to use CAS for login and logout. The two blocks below show the filter declarations used here. Make sure the CASFilter is actually mapped (a <filter-mapping> covering at least /index.xhtml, where the Seam authenticator runs, and every view that pages.xml marks login-required) — a declared but unmapped filter never runs and nothing is protected by CAS. Keep all three CAS URLs on https: the loginUrl is where the browser is sent with its credentials, and the validateUrl is where the service ticket is validated server-to-server. The Yale filter also has to be told the application's own address (see the client docs); that parameter is not reproduced in the listing below.

Login Block
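<!-- CAS Authentication Filter (Login) -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <!-- The browser is redirected here to enter its CAS credentials: must stay https. -->
        <param-value>https://YOUR_CAS_SERVER_HOST_ADDRESS_HERE/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <!-- Server-to-server service-ticket validation: must stay https so the
             validation response (and therefore the asserted user id) cannot be spoofed. -->
        <param-value>https://YOUR_CAS_SERVER_HOST_ADDRESS_HERE/cas/serviceValidate</param-value>
    </init-param>
    <init-param>
        <!-- Wrap the request so the CAS user is visible through the servlet API.
             The Seam authenticator below reads getUserPrincipal() from the request,
             so this must be on. That the principal arrives as the project's
             UserPrincipal type is application-specific; confirm with your setup. -->
        <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<!-- Declaring the filter is not enough: without a mapping it never runs and no
     request is authenticated by CAS. The pattern must cover at least /index.xhtml
     (where the Seam authenticator is triggered from pages.xml) and every view that
     pages.xml marks login-required; /* is the usual choice. -->
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>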
Logout Block
<!-- CAS Logout Filter and Logout Mapping -->
<filter>
    <filter-name>LogoutFilter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.LogoutFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.logoutUrl</param-name>
        <!-- CAS single-sign-on logout endpoint; keep it https like the other CAS URLs. -->
        <param-value>https://YOUR_CAS_SERVER_HOST_ADDRESS_HERE/cas/logout</param-value>
    </init-param>
</filter>

<!-- Any request under /logout ends the CAS session. The Seam Identity and the
     SESSION-scoped ssoAuthenticator keep their own state in the HTTP session,
     so the HTTP session must also be invalidated on logout (e.g. via
     Identity.instance().logout()) or the cached Seam login outlives the CAS
     one. NOTE(review): confirm what LogoutFilter does with the HTTP session in
     your client version. -->
<filter-mapping>
    <filter-name>LogoutFilter</filter-name>
    <url-pattern>/logout/*</url-pattern>
</filter-mapping>

2. Write a Seam Identity authenticator component. It is SESSION-scoped so the login is performed once per HTTP session, and it is driven from pages.xml (step 3) rather than from a login form:

Sample Seam Identity Authenticator
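@Name("ssoAuthenticator")
@Scope(ScopeType.SESSION)
public class SSOAuthenticator {

    @Logger
    private Log log;

    /**
     * The container principal the Seam Identity login was built from.
     * Assigned only after identity.authenticate() has succeeded, so a failed
     * or half-finished login is retried on the next request instead of being
     * remembered as "done" for the rest of the session.
     *
     * NOTE(review): if Identity.logout() is ever called without invalidating
     * the HTTP session, this cached value would stop authenticate() from
     * running again for that session -- confirm how logout is wired.
     */
    private UserPrincipal userPrincipal;

    /**
     * Page action that makes sure the Seam session is logged in, running the
     * CAS-backed login if it is not. pages.xml wires it to the index view:
     * {@code <page view-id="/index.xhtml" action="#{ssoAuthenticator.checkLogin}" login-required="false"/>}
     * Background: http://www.jboss.com/index.html?module=bb&amp;op=viewtopic&amp;t=119167
     */
    public void checkLogin() {
        if (Identity.instance().isLoggedIn()) {
            return; // session already carries a Seam login
        }
        authenticate();
    }

    /**
     * Turns the request's container principal (established by the CAS filter
     * configured in web.xml) into a Seam Identity login and copies its roles.
     *
     * There is no password to check here: the user was authenticated by CAS
     * before this code runs. The user id is pushed into Identity as both
     * username and password only because Identity.authenticate() will not
     * proceed without credentials set.
     *
     * NOTE(review): whatever authenticate-method Identity is configured with
     * (components.xml, not shown on this page) must therefore NOT treat that
     * password as a secret, and no form-based login may reach the same
     * method -- otherwise anyone could log in as any user id by typing it as
     * both username and password. Confirm against the Seam authenticator
     * configuration.
     *
     * @return true if Seam Identity is now logged in from the container
     *         principal; false if no usable principal was present on the
     *         request or the login failed (the failure is logged)
     */
    public boolean authenticate() {
        if (userPrincipal != null) {
            return true; // already completed for this session
        }

        Identity identity = Identity.instance();
        try {
            // The container principal is the CAS-authenticated user. With
            // wrapRequest=true the Yale filter exposes it via the servlet API;
            // that it is our UserPrincipal type is project-specific.
            FacesContext facesContext = FacesContext.getCurrentInstance();
            Principal rawPrincipal = facesContext.getExternalContext().getUserPrincipal();
            if (rawPrincipal == null) {
                // The CAS filter did not run for this request (check its filter-mapping).
                return false;
            }
            if (!(rawPrincipal instanceof UserPrincipal)) {
                // Check the type instead of relying on a ClassCastException.
                log.warn("Container principal is not a UserPrincipal: "
                        + rawPrincipal.getClass().getName());
                return false;
            }
            UserPrincipal principal = (UserPrincipal) rawPrincipal;

            // Identity must have 'fresh' credentials for authenticate() to proceed;
            // the password is a placeholder, see the method note above.
            identity.setUsername(principal.getUserid());
            identity.setPassword(principal.getUserid());
            identity.authenticate();

            // In our system the UserPrincipal carries the roles as Groups;
            // do what is right for your system.
            Group[] roleGroups = principal.getUserRoles();
            if (roleGroups != null) {
                for (Group group : roleGroups) {
                    Enumeration<? extends Principal> roles = group.members();
                    while (roles.hasMoreElements()) {
                        identity.addRole(roles.nextElement().getName());
                    }
                }
            }

            // Remember the principal only once the login has fully succeeded.
            userPrincipal = principal;
            return true;
        } catch (Exception e) {
            // Login failed or the Seam authenticator rejected the placeholder
            // credentials; leave userPrincipal unset so it is retried.
            log.error(e, e);
            return false;
        }
    }
}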

3. pages.xml
Configure Seam's pages.xml in your web app to call the authenticator from the index view and to require a Seam login for every other view:

<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"

       no-conversation-view-id="/index.xhtml">

  <!-- The index view is the only one reachable without a Seam login. Its page
       action runs the SSO authenticator on every request, which turns the
       container principal set by the CAS filter into a Seam Identity login.
       The CAS filter must therefore be mapped onto this view, or checkLogin()
       finds no principal and nobody is ever logged in. -->
  <page view-id="/index.xhtml" action="#{ssoAuthenticator.checkLogin}" login-required="false"/>

  <!-- Every other view requires Identity.isLoggedIn(); Seam checks this on
       its own, independently of the servlet-level CAS filter.
       NOTE(review): Seam applies wildcard entries alongside the specific one
       above -- confirm in your Seam version that /index.xhtml is not caught by
       this rule, or index would redirect to itself. -->
  <page view-id="/*" login-required="true"/>

  <!-- A direct hit on a protected view by a session that has not yet been
       through checkLogin() lands on index, whose page action performs the
       SSO login. NOTE(review): whether the user is returned to the originally
       requested view afterwards depends on Seam's view capture -- confirm. -->
  <exception class="org.jboss.seam.security.NotLoggedInException">
    <redirect view-id="/index.xhtml">
      <message>Please log in first</message>
    </redirect>
  </exception>

  ...

</pages>